<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">
<html>
        <head>
                <title>Login Page</title>
				<link  rel="stylesheet" type="text/css" href = "stylesheet.css"/>
        </head>

        <body>
            <h1 align = 'center' ><font face = 'Edwardian Script ITC'>Milestone Employee Login</font></h1>
			<h2 align = 'center'><font face = 'Edwardian Script ITC'>Please Login</font></h2>
		
            <div class="form">
                <?php
                 
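	       /****************************************/
	       /*************DATABASE STUFF**************/
			// NOTE(review): this code runs after the page has already emitted markup, so
			// session_start(), session_regenerate_id() and header() below only take effect
			// when PHP output buffering is enabled. Moving the login handling above the
			// doctype removes that dependency.

			// NOTE(review): hard-coded MySQL root account with an empty password. Use a
			// dedicated least-privilege account and load its credentials from
			// configuration kept outside the web root.
			$username = 'root';
			$pw = '';

			// mysqli throws mysqli_sql_exception on failure when exception reporting is
			// enabled and returns false otherwise; treat both as "no connection".
			try
			{
				$con = mysqli_connect("localhost", $username, $pw, 'milestone');
			}
			catch (mysqli_sql_exception $e)
			{
				$con = false;
			}

			if (!$con)
			{
				// Driver details go to the server log; the page only gets a generic message.
				error_log("Login page: MySQL connection failed: " . mysqli_connect_error());
				echo "Failed to connect to MySQL.";
			}

			// Set time to the central time zone.
			if ( !date_default_timezone_set ( 'America/Chicago' ) )
			{
				echo "could not set time zone!";
			}

			$date = new DateTime();
			$datetime_string = date_format($date, 'Y-m-d');

		  /*****************************************/

			session_start();

			// Only handle a login attempt when there is a usable connection.
			if ($con && isset($_POST['submit']))
			{
				$login_ok = false;
				$is_admin = 0;

				// Missing or non-string fields (for example username[]=x) are treated as a
				// failed login instead of being passed on to string functions.
				if (isset($_POST['username'], $_POST['password'])
					&& is_string($_POST['username']) && is_string($_POST['password']))
				{
					// clean_field() is kept so the compared values are the same ones the
					// previous query used. It is not what protects the query: the values
					// are sent as bound parameters, never concatenated into the SQL text.
					$user = clean_field ($_POST['username']);
					$password = clean_field ($_POST['password']);

					// NOTE(review): the password is matched directly against the stored
					// column, which implies it is stored unhashed. Store password_hash()
					// output and check it with password_verify() instead; that needs a
					// data migration and is therefore not done here.
					try
					{
						$stmt = mysqli_prepare($con, "SELECT isAdmin FROM users WHERE username = ? AND password = ?");

						if ($stmt)
						{
							mysqli_stmt_bind_param($stmt, 'ss', $user, $password);
							mysqli_stmt_execute($stmt);
							mysqli_stmt_store_result($stmt);
							mysqli_stmt_bind_result($stmt, $is_admin);

							// A valid account yields exactly one row.
							if (mysqli_stmt_num_rows($stmt) == 1 && mysqli_stmt_fetch($stmt))
							{
								$login_ok = true;
							}

							mysqli_stmt_close($stmt);
						}
						else
						{
							error_log("Login page: could not prepare login query: " . mysqli_error($con));
						}
					}
					catch (mysqli_sql_exception $e)
					{
						// A query failure is logged and reported to the user as a failed login.
						error_log("Login page: login query failed: " . $e->getMessage());
						$login_ok = false;
					}
				}

				mysqli_close($con);

				if ($login_ok)
				{
					// Issue a fresh session id on login so an id set before authentication
					// cannot be reused afterwards (session fixation).
					session_regenerate_id(true);

					$_SESSION['username'] = $user;
					// NOTE(review): kept because other pages may read it, but the password
					// should not be stored in the session; store only the identity and role.
					$_SESSION['password'] = $password;

					// Administrators go to the admin menu, everyone else to the main menu.
					if ($is_admin == 1)
					{
						header("location: admin_main_menu.php");
					}
					else
					{
						header("location: main_menu.php");
					}

					// Stop here so nothing else runs or is rendered after the redirect.
					exit;
				}

				echo "<center><font color = 'red'>Invalid username or password.</font></center>";
			}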

                        /**
                         * Normalise a submitted form value: trim surrounding whitespace, remove
                         * backslash escaping, then HTML-encode special characters.
                         *
                         * The result is HTML-encoded text. That encoding is meant for writing a
                         * value into a page; it is not SQL escaping, so a value returned here
                         * still has to reach the database as a bound parameter.
                         *
                         * @param string $data Raw field value.
                         * @return string Trimmed, unslashed, HTML-encoded value.
                         */
                        function clean_field ($data)
                        {
                                $trimmed = trim($data);
                                $unslashed = stripslashes($trimmed);

                                return htmlspecialchars($unslashed);
                        }
						/*
                        function hash_pass ($pass)
                        {
                                $salt = openssl_random_pseudo_bytes(8);
                                $hashed = hash("sha256", $password + $salt);
                                return $hashed;
                        } 
						*/
						
                ?>
                
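                <!-- Simple login form: posts the credentials back to this page. The request
                     URI is HTML-escaped before it is written into the action attribute. -->
                <!-- NOTE(review): the form carries no anti-CSRF token; consider adding one
                     that the login handler verifies. -->
                <form method="post" action="<?php echo htmlspecialchars($_SERVER["REQUEST_URI"]);?>">
                        <center>
                        <table border="1">
                        <tr><td bgcolor="white">
                        <label for="username" style="font-size:20pt;">Username:</label>
                        </td><td bgcolor="white">
                        <input type="text" id="username" name="username" autocomplete="username" required>
                        </td></tr>
                        <tr><td bgcolor="white">
                        <label for="password" style="font-size:20pt;">Password:</label>
                        </td><td bgcolor="white">
                        <input type="password" id="password" name="password" autocomplete="current-password" required>
                        </td></tr>
                        </table>
                        <!-- The server checks for the "submit" field, so its name must stay as is. -->
                        <input type="submit" name="submit" value="Login" class="menu">
                        </center>
                </form>
                <!-- Closes the div.form wrapper opened before the PHP block; it was previously
                     closed inside the form, which mis-nested the two elements. -->
                </div>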
        </body>
</html>
